package com.smartcampusbackend.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;
import java.util.Collections;

@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
                .cors(cors -> cors.configurationSource(corsConfigurationSource()))
                .csrf(csrf -> csrf.disable())
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(
                                "/", "/index.html", "/favicon.ico", "/static/**", "/public/**",
                                "/api/auth/captcha",
                                "/api/auth/login",
                                "/api/auth/register",
                                "/api/auth/forgot-password",
                                "/api/auth/reset-password",
                                "/api/auth/info",
                                "/api/users/**",
                                "/uploads/**",
                                "/api/auth/send-change-password-captcha",
                                "/api/courses/**",
                                "/api/teacher/courses/**",
                                "/api/leave-application",
                                "/api/leave-application/**",
                                "/api/leave-application/check-duration",
                                "/api/teacher/leave-applications/**",
                                "/api/admin/leave-applications/**",
                                "/api/student/**",
                                "/api/teacher/courses/*/students",
                                "/api/admin/courses/**",
                                "/api/users/me/grade-statistics",
                                "/api/users/me/grades",
                                "/api/teacher/courses/*/grades",
                                "/api/teacher/courses/*/students",
                                "/api/users/me/graduation/**",
                                "/api/graduation/**",
                                "/api/users/me/academic-warnings",
                                "/api/admin/academic-warnings",
                                "/api/admin/academic-warnings/**",
                                "/api/teacher/academic-warnings",
                                "/api/teacher/academic-warnings/**",
                                "/api/academic-warnings/**",
                                "/api/admin/graduations",
                                "/api/admin/graduations/**",
                                "/api/users/*/grade-statistics",
                                "/api/users/me/title/**",
                                "/api/admin/titles",
                                "/api/admin/titles/*/approve",
                                "/api/admin/titles/*/reject",
                                "/api/upload",
                                "/api/operation-logs",
                                "/api/operation-logs/**",
                                "/api/admin/todo",
                                "/api/departments/**",
                                "/api/majors/**",
                                "/api/admin/courses/filter",
                                "/api/courses/select-required",
                                "/api/users/me/course-schedule",
                                "/api/makeup-exam/student",
                                "/api/makeup-exam/teacher",
                                "/api/makeup-exam/admin",
                                "/api/makeup-exam/**",
                                "/api/logs/**",
                                "/api/announcement/**",
                                "/api/activity/signup/**",
                                "/api/user/read-status/**",
                                "/api/resource/**",
                                "/api/class-circle/**",
                                "/api/user/**",
                                "/api/interest-community/**",
                                "/api/community-post/**",
                                "/api/download/**",
                                "/api/title-attachment/**",
                                "/api/repair/types",
                                "/api/repair/user/**",
                                "/api/repair/statistics",
                                "/api/repair/all",
                                "/api/repair/submit",
                                "/api/repair/**",
                                "/api/repair/export",
                                "/api/payment/**",
                                "/api/alipay/**",
                                "/api/stats/overview",
                                "/alipay/**",
                                "/api/ai/**"
                        ).permitAll()
                        .requestMatchers("/api/repair/types").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/leave-application").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.OPTIONS, "/api/leave-application").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/leave-application/check-duration").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/leave-application/{applicationId}/approve").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/admin/leave-applications/{applicationId}/approve").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/admin/courses").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.PUT, "/api/admin/courses/{courseId}").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.DELETE, "/api/admin/courses/{courseId}").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/admin/courses").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/admin/courses/{courseId}/students").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/teacher/courses/{courseId}/grades").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/admin/academic-warnings/generate").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/admin/academic-warnings/force-generate").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/admin/grades/generate-warnings").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.PUT, "/api/academic-warnings/{warningId}/status").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.PUT, "/api/admin/graduations/{applicationId}/approve").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.PUT, "/api/admin/graduations/{applicationId}/reject").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.PUT, "/api/admin/graduations/{applicationId}/reject-credits").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/makeup-exam/student").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/makeup-exam/teacher").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/makeup-exam/admin").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/makeup-exam/apply").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/makeup-exam/approve").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.POST, "/api/makeup-exam/review").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/makeup-exam/{id}").permitAll()
                        .requestMatchers(org.springframework.http.HttpMethod.GET, "/api/makeup-exam/statistics").permitAll()
                        .anyRequest().authenticated()
                );
        return http.build();
    }
    
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        configuration.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type", "X-Requested-With"));
        configuration.setExposedHeaders(Arrays.asList("Authorization"));
        configuration.setAllowCredentials(true);
        configuration.setMaxAge(3600L);
        
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}